Securing IoT Device Connections

Enterprise Strategy Group
Getting to the bigger truth.

Solution Showcase: Securing IoT Device Connections

Date: July 2016
Author: Eugene Signorini, Senior Analyst

Internet of Things: Immense Opportunity, but with IT and Security Complexity

The most important reason that the Internet of Things (IoT) is becoming top-of-mind for so many organizations is the promise it holds for creating new business value. ESG's recent 2016 IT Spending Intentions Survey of 633 IT and information security professionals revealed that significant IoT activity is already occurring within most organizations. While just 19% of firms claim they already have IoT initiatives underway, an additional 39% are currently developing IoT initiatives that will be launched in the next 24 months.[1]

Why are so many companies moving ahead with IoT in light of the complexity that it represents? They see immediate business value in the form of operational efficiencies (45% of companies asked), better and differentiated customer service (39%), creation of new products and services (38%), and development of new business models (26%).

While the potential benefits of IoT are immense, technology leaders will be forced to rethink traditional IT approaches. IoT has noteworthy implications across the entirety of the enterprise IT landscape, including infrastructure, applications, security and analytics, and data management. And the intersection of IT and operational technology (OT) has significant implications, as well. It requires reliable enterprise IT transformation across many industries for mission-critical operations such as manufacturing processes, coordination of networks of trains, and maintenance of jet engines.

One of the most critical areas impacted by IoT will be security. IoT increases potential security issues as mission-critical business systems become increasingly connected to a variety of networks. The vast number of devices and sensors connecting to the network increases the threat landscape significantly. At the same time, sensitive data generated from connected devices needs to be protected. In this report, we examine the unique challenges of IoT systems and discuss approaches that IT and cybersecurity professionals can implement to address the new security paradigm represented by IoT.

IoT Represents a New Cybersecurity Paradigm

Cybersecurity initiatives are already top-of-mind within organizations: When asked about the business initiatives (i.e., goals for the entire company, not just IT) that will drive the most technology spending, 43% of respondent organizations cited increasing cybersecurity. The fact that cybersecurity is top-of-mind for many organizations is not surprising given the dangerous threat landscape and highly publicized data breaches of 2015, including Anthem, Experian/T-Mobile, and the Office of Personnel Management (OPM).

[1] Source: ESG Research Report, 2016 IT Spending Intentions Survey, February. All ESG research references and charts in this solution showcase have been taken from this research report.

This ESG Solution Showcase was commissioned by Great Bay Software and is distributed under license from ESG.

And cybersecurity professionals realize that the world isn't standing still, and threats are continually evolving. IoT represents yet another new dimension of security for organizations. Recent high-profile IoT security breaches have included TJX (in which over 45 million customer records were stolen), Jeep (where the onboard computer was hacked to gain control of the vehicle), and a Ukrainian electrical utility (where the power grid was sabotaged, cutting electricity off to tens of thousands of customers). IoT security threats are real, and specifically, these systems create new challenges related to the:

Volume, distribution, and variety of devices: The potential for large-scale deployments of sensors and connected things implies that device volume for enterprises will increase exponentially. Furthermore, IoT devices and sensors are inherently distributed. These devices don't reside within the traditional four walls of the enterprise, but instead may be located in far-flung locations such as a manufacturing plant, offshore oil rig, or on industrial equipment in the field. And finally, device profiles will be vastly different depending upon the application type and use case. Instead of a fairly homogeneous device environment (such as PCs), IoT represents extreme heterogeneity of devices and sensors, as diverse as medical equipment, video cameras, and connected vehicles.

Nature of network connections for IoT devices and sensors: Additionally, IoT devices will be connected over a variety of networks and protocols. While some IoT systems will leverage existing enterprise network infrastructure, some will rely on wireless wide area or local area networks, including a number of protocols, such as 4G/LTE, NB-IoT, Bluetooth, ZigBee, and LoRa, among many.

Expanded volume of data generated from IoT systems: The volumes of data generated from connected devices can be daunting. For example, in manufacturing, sensors on just one production line have the ability to generate hundreds of thousands of data points in the course of several hours. New data streams generated from IoT systems need to be secured, from the time of generation and collection, through transmission, to storage within a data center or cloud environment. According to IoT decision makers, securing data (24%) is the top data challenge associated with IoT alongside data integration (see Figure 1).

Figure 1. Biggest Data Challenge for IoT

When you consider all of the data your organization collects or will collect as part of IoT initiatives, which of the following would you consider to be the biggest challenge from a technology perspective? (Percent of respondents, N=501)

Securing the data, 24%
Integrating the data (i.e., combining multiple data sources for analysis), 24%
Analyzing the data, 16%
Protecting (i.e., backing up) the data, 13%
Governing the data (i.e., applying corporate and regulatory compliance policies), 12%
Storing the data, 6%
Transmitting the data, 5%

Source: Enterprise Strategy Group, 2016

Business criticality of IoT systems: Finally, IoT systems by their very nature are often truly mission-critical. While organizations tend to think that all IT systems are mission-critical, the intersection with operational technology (OT) raises the stakes considerably. For example, exposing a power grid, manufacturing plant, or medical equipment to vulnerability from malicious actors has significant consequences beyond threats that organizations have traditionally encountered.

These unique attributes of IoT require organizations to take a three-pronged approach to IoT security that incorporates the device, the network, and the data. For the remainder of this report, we will focus specifically on the device and connection as first points of vulnerability and the foundation for IoT security.

Creating the Right Approach for IoT Device Connection Security

The proliferation of new devices and sensors means that the device and its intersection with the network connection are the initial points of vulnerability for IoT solutions. This also implies that a strong foundational approach for IoT security begins with device connectivity. When creating a best practice approach for IoT device connectivity, cybersecurity professionals should consider the following core requirements:

Identification: Both security and business leaders need to have clear knowledge of what devices are connecting across the enterprise IoT network. This can include device type/profile, connection method, number of devices/associated sensors, etc.

Authentication of new devices: As IoT solutions scale, there will likely be a requirement to quickly onboard new devices and sensors onto the network. Authentication needs to be simplified in order to respond quickly to business requirements and accelerate device onboarding. However, security also needs to be maintained.
Threat detection: The mission-criticality of IoT systems exposes organizations to potential crippling attacks on their core business. It's essential that security professionals have the ability to quickly detect anomalous behaviors that can reveal potential threats or intrusions into IoT systems and enterprise networks.

Creating and enforcing security policy: Cybersecurity teams need to be able to create specific policies for IoT systems. These policies may also be dictated by different regulatory (e.g., HIPAA, FDA, and FAA) or geographic requirements that are further impacted by the connection of OT devices.

Security teams need to be involved from the beginning of the process when evaluating solutions and vendor partners for IoT solutions. This will ensure that solutions can be benchmarked against these key requirements and criteria.

How Great Bay's Beacon Suite Addresses IoT Security at the Device Connection

Great Bay's approach is focused on the device connection as the foundation for IoT security. Beacon Suite's Endpoint Profiler is designed for discovering and profiling every device connected to wired or wireless networks. In addition to discovering and profiling IoT devices, Beacon's Enforcement module can also authenticate them, and automatically and intelligently onboard them to the correct network segment. Once the devices are connected, Beacon continuously monitors and intelligently detects potential threats like MAC spoofing attempts and enforces network access policies. Specifically, Great Bay Beacon Suite is focused on (see Figure 2):

Enhanced visibility: Beacon provides industry-leading, real-time visibility into every device connected to the network, whether IoT or traditional endpoints like computers, printers, phones, and cameras. Beacon discovers and profiles devices using information that is readily available in existing network and security infrastructure. It includes more than 1,400 device profiles, and any device with a MAC address or IP address can be identified.

Automated onboarding: Beacon provides the ability to sponsor temporary or protected access for IoT devices, and automatically authenticates and places them on the right network segment, whether that is a guest network, a medical devices segment, or a plant floor zone. If new profile data is discovered, Beacon can automatically assist in moving devices from restricted access to full network access. There's no need for manual intervention, which significantly reduces costs associated with onboarding connected devices of all kinds.

Continuous monitoring: Beacon puts the device identity and behavior in context, so IT can see whether a device is acting within expected parameters, and respond rapidly to threats. Once devices are connected, Beacon continuously monitors for uncharacteristic behavior and detects MAC spoofing and other intrusion attempts faster and more comprehensively than any other solution.

Active enforcement: Beacon automatically enforces access policies, enabling suspicious devices to be quarantined or blocked from the network.

Figure 2. Great Bay Beacon Suite IoT Security Approach

Source: Great Bay Software, 2016

The Bigger Truth

The Internet of Things holds enormous potential to transform organizations in all industries, in the form of operational efficiencies, better and differentiated customer service, creation of new products and services, and development of new business models. However, IoT systems also introduce new IT complexity, with security at the forefront of potential barriers to successful implementations.
As organizations focus on cybersecurity as critical for not only IT, but also the business as a whole, they need to consider the security requirements for emerging technologies and initiatives, such as IoT. Successful IoT security solutions will take a holistic approach that incorporates devices, network connectivity, and the data itself. A strong foundation for IoT security begins with the device and its connection to the corporate network. To establish this foundation, both cybersecurity professionals and business operations leaders must have the capability to identify the variety and volume of devices on the network, authenticate new devices quickly yet securely, continuously monitor device activity for abnormal behaviors, and implement and enforce policies. Implementing these important capabilities will go a long way to ensure that the risks of security threats are minimized while unlocking the business transformation potential of IoT initiatives.

All trademark names are property of their respective companies. Information contained in this publication has been obtained by sources The Enterprise Strategy Group (ESG) considers to be reliable but is not warranted by ESG. This publication may contain opinions of ESG, which are subject to change. This publication is copyrighted by The Enterprise Strategy Group, Inc. Any reproduction or redistribution of this publication, in whole or in part, whether in hard-copy format, electronically, or otherwise to persons not authorized to receive it, without the express consent of The Enterprise Strategy Group, Inc., is in violation of U.S. copyright law and will be subject to an action for civil damages and, if applicable, criminal prosecution. Should you have any questions, please contact ESG Client Relations at

Enterprise Strategy Group is an IT analyst, research, validation, and strategy firm that provides market intelligence and actionable insight to the global IT community.

by The Enterprise Strategy Group, Inc. All Rights Reserved.
